[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]
AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.
Xen supports guests using these extensions.
Unfortunately there are errors in Xen's handling of the guest state, leading
to denials of service.
1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of
a previous vCPUs debug mask state.
2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.
This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock
up the CPU entirely.
References
Link | Resource |
---|---|
https://xenbits.xenproject.org/xsa/advisory-444.html | Patch Vendor Advisory |
https://xenbits.xenproject.org/xsa/advisory-444.html | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 08:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://xenbits.xenproject.org/xsa/advisory-444.html - Patch, Vendor Advisory |
11 Jan 2024, 15:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://xenbits.xenproject.org/xsa/advisory-444.html - Patch, Vendor Advisory | |
First Time |
Xen
Xen xen |
|
CPE | cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | NVD-CWE-noinfo |
05 Jan 2024, 18:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-05 17:15
Updated : 2024-11-21 08:07
NVD link : CVE-2023-34328
Mitre link : CVE-2023-34328
CVE.ORG link : CVE-2023-34328
JSON object : View
Products Affected
xen
- xen
CWE